Personal Data Protection Policy
- Purpose, Scope
The GLOBAL MARITIME ENTERPRISES SINGLE MEMBER LIMITED LIABILITY COMPANY, hereinafter referred to as “THE COMPANY”, appreciates your visit to this website and also your interest in the company and our services.
The protection of your private sphere during the processing of personal data as well as the security of all business data is a major concern for us , that we take into consideration in our business activities.
Data protection and information security are an integral part of our corporate policy.
The current Policy lays down the key principles based on which the Company processes the personal data of its customers, employees, suppliers, partners and other persons.
This Policy is also applied by the Company in its subsidiaries, whose head office is in Greece, and the Company controls them directly or indirectly.
All employees with contracts of indefinite duration or fixed-term contracts, as well as all subcontractors who work for the Company are bound by the current Policy.
- Key Definitions
The key definitions of the terms used in the current document follow, as they are laid down in Article 4 of the General Data Protection Regulation ( EU/2016/679 ,GDPR), so that the data subject will become familiar with the Regulation’s terminology.
Personal Data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, especially by reference to an identifier, such as a name, identity card number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Special Categories of Personal Data: Personal data which, essentially, are especially sensitive with respect to fundamental rights and freedoms, require special protection, since the scope of their processing may create important dangers which will affect such fundamental rights and freedoms. Such data include personal data which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the undisputed identification of a person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
Controller: A natural or legal person, a public authority, agency or other body which, alone or jointly with others, determines the purposes and the manner of personal data processing.
Processor: a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Processing: every act or series of acts realized with or without the use of automatized means on personal data or on aggregates of personal data, such as the collection, registration, organization, structure, storage, adaptation or modification, recovery, search of information, use, disclosure by forwarding, dissemination or any other form of disposal, correlation or combination, limitation, erasure, or destruction.
Authority: The Authority of Personal Data Protection.
- Key principles that concern Personal Data Processing
The Company, as Controller, strictly abides by the principles of data protection which are defined in Article 5 of the General Data Protection Regulation (GDPR).
3.1. Lawfulness, Objectivity and Transparency
The Company processes personal data lawfully, objectively, and transparently as far as the data subjects are concerned.
3.2. Purpose Restriction
Private data are collected only for special, explicit, and lawful purposes and they are not processed for any other purpose.
3.3. Data minimization
The Company maintains accurate personal data of data subjects and ensures that their maintenance is limited to what is necessary in relation to data processing purposes. At the same time, it applies suitable technical means in order to achieve the above objectives.
The personal data maintained by the Company are accurate and updated. Measures are taken to ensure that personal data which are inaccurate with respect to the purpose for which they are processed are erased or corrected within a reasonable time.
3.5. Storage Time Limitation
Personal data are maintained for a time period not greater than necessary for the purpose for which the Company processes them.
3.6. Integrity and Confidentiality
Taking into account the technological level and other available safety measures, the cost of application, as well as the probability and gravity of dangers concerning the personal data, the Company uses suitable technical or organizational means for personal data processing, in a way that guarantees the proper safety of the personal data and their protection from accidental destruction, loss, damage, and unauthorized or illegal processing.
The Company is responsible to prove and is able to demonstrate its compliance with the General Data Protection Regulation to the competent Authority of Personal Data Protection.
Privacy Notice, Consent and Rights of Data Subjects
4.1. Notification of Data Subjects
Before the collection of personal data, or during their collection for any processing activity undertaken by the Company, including among other things the sale of products, services, or marketing activities, the Company is responsible to provide the necessary information to the data subjects and, specifically, information concerning the types of personal data collected, the processing purposes, the processing methods, the rights of the data subjects concerning their personal data, the period of registration, possible international data transfers, if the personal data are given to third parties within the scope of cooperation with them, as well as the security measures taken by the Company to protect the personal data. This information is provided by the Privacy Notice.
When the legal base of personal data collection is the consent of the data subject, the Company is responsible to ensure that data subjects grant their consent freely, with positive energy, explicitly, with full awareness of the content of the text to which they consent. The Company offers to the data subjects the opportunity to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Whenever a collection of personal data of children less than 16 years old occurs, the Company ensures that the Parent has granted his consent before the data collection.
Personal data processing must take place only for the purpose for which the data were initially collected. In case that the Company wishes to process collected personal data for a different purpose, it must request the consent of the data subjects explicitly, by a specific written statement. Any such request must contain the initial purpose for which the data were collected, as well as the new or additional purpose/purposes.
The Company shall use its best efforts to ensure that the number of personal data collected is limited to a minimum. If the personal data are collected by a third party, the Company ensures that those data are lawfully collected.
4.4. Relation of the Company with Third Parties
In case that the Company uses a third party, a supplier or commercial associate to which it assigns the processing of personal data on its behalf, it ensures that the processor will provide all suitable means of safety and protection of personal data in order to cope with all probable relevant dangers.
The Company shall use its best efforts in order to ensure that its suppliers or commercial associates process personal data only to accomplish their conventional obligations to the Company and for no other reason, and always according to its instructions.
4.5. Rights of Access of Data Subjects
The Company, as the Controller, is responsible to provide to the data subjects a mechanism of access to their personal data that will allow them to revise, correct, erase, or transfer such data.
4.6. Data Portability
Data Subjects have the right to receive, at their own request, a copy of the data which they have submitted to the Company in structured form and transfer those data to another controller. The Company is responsible to ensure that those applications are dealt with within a month, provided that such demands are not clearly unfounded. During the exercise of his right to data portability, the data subject has the right to request the direct transmission of personal data by one controller to another, if this is technically feasible
4.7. Right to Erasure
At their own request, Data Subjects have the right to ask the Company to erase their personal data. The Company will immediately proceed with the required actions (including technical operations) to satisfy the request and will ensure the same behavior from third parties which may use or process personal data on its behalf.
- Response to Personal Data Breaches
When the Company discovers a potential or actual personal data breach, it will immediately carry out an internal audit and it will take the necessary rectification measures within a reasonable time, according to the Policy of Personal Data Breach. If the rights and liberties of data subjects are threatened, the Company must report the breach to the Authorities without delay and, in any case, within the next 72 hours.
GLOBAL MARITIME ENTERPRISES smllc
10, Antoniou Ambatielou Str.
185 36 Piraeus, Greece
Tel. + 30 210 4283783 – 9
Fax + 30 2104283793
e-mail: [email protected]